https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)
cmadams at hiwaay.net
Thu Jul 24 13:02:51 UTC 2008
Once upon a time, Robert Kisteleki <robert at ripe.net> said:
> I understand this is a huge can of worms, but maybe it's time to change the
> default behavior of browsers from http to https...?
This is a _DNS_ vulnerability. The Internet is more than HTTP(S).
Think about email (how many MTAs do TLS and validate the certs?). Even
things like BitTorrent require valid DNS (how about MPAA/RIAA poisoning
the cache for thepiratebay?).
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the NANOG